10Fold – Security Never Sleeps – 36

Big items to consider: Israel’s Electricity Authority experienced a serious hack attack that officials are still working to repel- though they have identified the virus and the software to neutralize it. A security breach discovered at software Juniper Networks has U.S. Officials worried that foreign hackers have been reading the encrypted communications of U.S. Government agencies for the past three years. Independent security researcher Michael Stepankin has reported a since-patched remote code execution hole in Paypal that could have allowed attackers to hijack production systems. The FBI discussed one if its top attacks based in the UK which offered a terse defense of those sometimes-controversial tactics and described how innocents on the Tor anonymizing network were protected from digital exploits with a human “wall” that sifted hacked data before it landed in the hands of investigators.

Israel’s Electricity Authority experienced a serious hack attack that officials are still working to repel, the country’s energy minister said Tuesday. The virus was already identified and the right software was already prepared to neutralize it according to the Israeli Energy Minister, Yuval Steinitz- but the computer systems of the Israeli Electricity Authority are still not working as they should. There’s no indication Israel’s power grid was attacked, though the attack followed five weeks after Ukraine’s power grid was disrupted in what is believed to be the world’s first known hacker power outage.

A security breach recently discovered at software Juniper Networks has U.S. Officials worried that foreign hackers have been reading the encrypted communications of U.S.government agencies for the past three years. On Dec. 17 the California-based Juniper Networks announced that an unauthorized backdoor had been placed in its ScreenOS software, and a breach was possible since 2013. This allowed an outside actor to monitor network traffic, potentially decrypt information, and even take control of firewalls. Days later the company provided its clients—which include various U.S. intelligence entities—with an “emergency security patch” to close the backdoor. The federal government has yet to determine which agencies are using the affected software or if any agencies have used the patch to close the backdoor.

PayPal has fixed a serious vulnerability in its back-end management system that could have allowed attackers to execute arbitrary commands on the server and potentially install a backdoor. Independent security researcher Michael Stepankin has reported a since-patched remote code execution hole in Paypal that could have allowed attackers to hijack production systems. The critical vulnerability affecting manager.paypal.com revealed overnight was reported December 13th and patched soon after disclosure. After determining that the PayPal site was vulnerable to Java deserialization, Stepankin was able to exploit the flaw in order to execute arbitrary commands on its underlying Web server. After he reported the issue to PayPal and it got fixed, the company gave him a reward through its bug bounty program, even though his report was marked as a duplicate.

The FBI doesn’t often publicly discuss its use of Network Investigative Techniques, a catch-all term for digital attacks on suspect computers. But one of its top attaches based in the UK offered FORBES a terse defense of those sometimes-controversial tactics and described how innocents were protected from digital exploits with a human “wall” that sifted hacked data before it landed in the hands of investigators. TorMail was compromised by law enforcement back in 2013 and used to hack customers suspected of involvement in child abuse, according to a Washington Post report. Investigator Michael Driscoll explained to FORBES that, the “wall” was predominantly human, one consisting of people trained to determine what data could be used in an investigation. As the FBI continues to test the waters with fresh hacking techniques, it can expect more of those questions about its activities.

10Fold Content Newsletter

Popular Post

Our Client – AppDynamics

Get in Touch with 10Fold!

With offices based in San Francisco, the California Bay Area and Southern California, 10Fold Communications is conveniently located in the epicenter of technology innovation.

About

10Fold Communications is a high-tech integrated marketing and public relations agency. We leverage our specialized skills and our well-established media and analyst relations to provide you with far-reaching perspectives, insights and results. We’re dedicated to your success and we have the know-how to make it happen..